Release Date: 28/09/2025 | Issue: 307
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

New from CSA: The State of Cloud and AI Security 2025

Get insights on current cloud security practices and securing AI with The State of Cloud and AI Security 2025, just published by the Cloud Security Alliance and commissioned by Tenable. Find out how other organizations are handling identity and infrastructure protection, leadership alignment, the emerging role of AI in cloud workloads, and more.

Read the report

This week's articles


Adding Determinism and Safety to Uber IAM Policy Changes
Uber's production environment relies on a complex network of microservices and assets governed by IAM policies. Managing these policies effectively without disrupting production is challenging, as highlighted by an incident where an accidental IAM policy change caused Uber Eats outages. To address this, Uber introduced a Policy Simulator tool that allows policy authors to preview the impact of proposed changes in real time.   #aws   #iam   #build


Introducing the AWS Infrastructure Canarytoken
This post introduces AWS Infrastructure Canarytoken, a new free tool that helps deploy decoy AWS resources (DynamoDB, S3, SSM Parameters, etc.) to detect attackers exploring compromised AWS accounts.   #monitor   #aws   #defend


Safe in the sandbox: security hardening for Cloudflare Workers
Built on the V8 JavaScript runtime, Workers benefits from V8's hardened security features, such as memory protection keys and compressed pointers. Cloudflare has implemented internal modifications to V8 to enhance security, using memory protection keys to isolate different scripts (isolates) from each other, preventing data leaks between them.   #cloudflare   #defend   #explain   #containers


Seven Years of Firecracker
New ways AWS is using Firecracker for: Bedrock AgentCore, and Aurora DSQL.   #containers   #explain


The Hidden Risk in Notion 3.0 AI Agents: Web Search Tool Abuse for Data Exfiltration
A critical security vulnerability in Notion 3.0's AI Agents demonstrates how the combination of LLM agents, tool access, and long-term memory creates exploitable attack vectors for data exfiltration.   #ai   #attack   #saas


IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
This post is about how Wiz used a data-driven methodology to uncover and stop anomalous IMDS usage, and how that approach led them to discover a zero-day vulnerability being exploited in the wild in a popular web service.   #attack   #aws   #defend


pull_request_target Misconfiguration Leads to RCE
Orca Research Pod details how misconfigured pull_request_target workflows in GitHub Actions can lead to RCE, secret exfiltration, and supply chain attacks.   #attack   #ci/cd   #supply-chain


Wiz Research Finds Risks in 20% of Vibe-Coded Apps
Wiz Research discovers one in five organizations exposed to systemic risks in vibe-coded applications. These risks include client-side authentication flaws, exposed API keys, permissive database access, and publicly accessible internal applications.   #defend   #ai   #build


Your Vulnerability Scanner Might Be Your Weakest Link
Post examining real-world risks created by scanner access, from password exposure to potential pivots into CI/CD infrastructure.   #ci/cd   #attack


Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.   #announcement   #supply-chain   #defend

Tools


IAMhounddog
A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS accounts.


replik8s
A modern open-source Kubernetes auditing and investigation tool. You can also refer to the companion blog post.


jwt-cli
A super fast CLI tool to decode and encode JWTs.


force-push-scanner
Scan for secrets in dangling commits on GitHub using GH Archive data.

From the cloud providers


#AWS   Unlock new possibilities: AWS Organizations service control policy now supports full IAM language
AWS recently announced that AWS Organizations now offers full AWS IAM policy language support for service control policies (SCPs). With this feature, you can use conditions, individual resource Amazon Resource Names (ARNs), and the NotAction element with Allow statements.


#AWS   How to accelerate security finding reviews using automated business context validation in AWS Security Hub
A structured workflow where security teams define acceptable compensating controls, developers implement them, and an automated system validates their effectiveness.


#GCP   Strengthen GCE and GKE security with new dashboards powered by Security Command Center
The GCE Security Risk Overview page now shows top security findings, vulnerability findings over time, and common vulnerabilities and exploits (CVEs) on your virtual machines.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini